Is Roblox Safe for Your Kid?

The internet continues to create conflicts for parents who want to give their children the benefits it provides without exposing them to the dangers it harbors. Online videos games are part of that struggle. Staying up-to-date on safety issues helps parents better negotiate the benefits and costs of online gaming.

Parents want to provide their children with the tools for expanding their imaginations. Once it was the humble Lincoln Log set. Now it’s user-generated, multi-platform, immersive online gaming systems. With games like Roblox, kids now have the power to build any world they can imagine and socialize with other players from around the world.

Roblox touts 64 million active players every month, who log on to “create adventures, play games, roleplay, and learn with friends.”

Children put in hundreds of hours playing games like Roblox, and they’re emotionally connected to their accounts — to a level many adults may not consider. When a child’s account is stolen, they’ve lost more than just their username and password; they’ve given up the worlds they’ve built, the items they collected, the avatars they’ve customized, the friends they’ve made and any future plans for the game. It can be devastating.

Given the power and creativity Roblox provides children, the company takes a proactive stance to protect their players from inappropriate content, online hackers, cyber thieves and other internet dangers. Roblox provides resources like in-game moderators, parental guides and content controls to help parents. However, it’s impossible to monitor the activity of so many players.

Hackers can steal player accounts or infect computers with malware, but knowing the common safety issues will help you keep your devices safe and your child’s imagination on track.

Can you get a virus from Roblox?

It’s impossible to get a virus playing within the Roblox platform because the game doesn’t “permit, or have the functionality, to upload, retrieve, or otherwise disseminate harmful executables or malware via its platform,” says Brian Jaquet, the company’s Senior Public Relations Director.

However, while hackers can’t introduce a virus within the Roblox game, they can find ways to get kids to leave the platform where infection or account theft is possible.

Phishing attacks

Pop-up ads or chat links offering free Robox or custom items can lure children to fake phishing websites designed to infect your computer or steal your child’s Roblox account. It’s similar to how phishing attacks work on YouTube. Roblox hackers entice users away from the game with promises of free gifts or Robux, the platform’s in-game currency, if they click a link within a chat message or pop-up ad.

Malware

While on a malicious website, hackers trick users into downloading an executable program having an .exe extension. Once opened, the program infects the computer with malware designed to steal data, which can include your banking formation and passwords.

Stolen Passwords

Phishing attacks can also steal Roblox accounts while on fake websites. Players are prompted to login with their Roblox username and password with promises of free Robux. Their information is then saved and can be used to steal their password. The image below is from a phishing website.

The Roblox community rules clearly state players are forbidden to “sell, trade or give away Robux, digital goods or game codes except through official channels on the Roblox platform.” Players can buy and sell game items, but only as Builders Club members. Sharing outside programs on the Roblox site is not allowed, but it does happen.

Scams

Hackers can also steal from players while on the Roblox platform. These scams commonly use pop-up ads promising free items, but instead of a new weapon or t-shirt, players get their Robux stolen or accounts hijacked.

Fake maintenance

The so-called “Fake Maintenance Scam” is a phony graphic user interface (GUI) that tells users the site is “undergoing maintenance”. The scam is effective because it tricks players into giving away their login information. Younger or newer players, upset at their game’s interruption, are more likely to sign back in without questioning the GUI’s authenticity.

Here are some maintenance guidelines to help children identify when Roblox is actually undergoing maintenance:

An orange banner (see above) will appear on the Roblox website warning you before maintenance begins.

When the banner changes to red, you won’t be able to play Roblox until maintenance is finished.

Maintenance usually occurs when you’re asleep or at school.

Roblox will never ask for your username and password anywhere except the home page.

Botnets

Scammers can use “bots” to make money from Roblox players. Bots are automated programs that perform a specific set of tasks. On Roblox, the most common bot task is to create a fake account and message players, asking them to visit a website to get free Robux.

Hackers released thousands of bots or a “botnet” during the 2017 Group Wall Scam. The botnet was sending thousands of players to a monetized YouTube video to increase its number of views.

How to prevent attacks

Here are some ways to keep your little Roblox players and their devices safe.

Enable two-step verification

Two-step verification adds an extra layer of security to your child’s account by requiring an extra step to prove your identity. Any time your child signs in on a new device, Roblox will require you to enter a six-digit security code. For your child’s account, use a secure email address only you can access. Anyone trying to change the account’s password will need that security code.

Create a strong password

Even without phishing scams and fake GUIs, hackers have ways of guessing your child’s passwords using software. Teach your child that they should never write down their password or share it with anyone except you. Follow password creation guidelines to help them build a strong password that’s easy to remember.

Sign out when on shared devices

If your child plays Roblox on multiple devices, like a friend’s or a school’s computer, remind them sign out of their account when they’re done. It’s easy for others to access accounts when they’re simply left open in a browser.

Check the link before you click

You never want your child going to another website from the Roblox platform. If they do, they’re probably somewhere they shouldn’t be. Help them understand that URLs are an address for websites, like the one where they live. Just like they need to make sure they’re getting off the bus at the right stop, they need to check to make sure they’re on the right web address. For the Roblox website, they can look for the roblox.com address in the browser’s address bar. For example: https://en.help.roblox.com.

Set messaging and chat to “Friends”

Control who can communicate with your child through the account’s privacy settings. In the “Privacy” settings tab, users can control who can chat, message, invite and join them in the game. Restrict contact to “Friends” to keep your kid’s interactions safer. They’ll be less likely to encounter a malware link. However, you will still need to manage who their “Friends” are to keep the group safe.

If your child is part of the Builders Club, they can set their group to “Private” to keep out scammers.

Report Abuse and Scammers

Roblox employs moderators to monitor content, blocking inappropriate ads and warning players of scams. But with the game’s large number of users, player interactions, trading systems and user-generated content, it’s challenging to monitor everything.

Encourage your children to report any inappropriate behavior or scams. Roblox makes it easy for them to report others for a variety of abuses, from cyberbullying to posting offsite links. Tell them to find a grown up — either you or a moderator — if they have a bad feeling.

Free lunches

Use Roblox to teach your kids that there’s no such thing as a free lunch. If something sounds too good to be true, it probably is. If someone is offering free Robux or customized avatar t-shirt they’ve been wanting for weeks, it’s 99.9 percent likely to be a scam. The official Roblox trading system has specific rules to follow for exchanging items.

Download a good antivirus software

Antivirus software will protect your devices from getting infected by viruses or eliminating them if you do. There’s no substitute for vigilance, but downloading an antivirus software can eliminate the stress and worry that comes with the combination of children, the internet and digital devices.

As a parent, the last thing you want is to have your child’s social and creative Roblox experience end up as a bad memory. There’s more at stake than just a video game. Friends, digital worlds and hours of play can be stolen alongside usernames and passwords. Taking a little time to educate your kids about the real world can go a long way in keeping their digital one safe.

About This Site

This site is provided free, as is, without support and without ads. It is useful for Security teams who need to keep up to date with Infosec news. Information is automatically fetched and there is no guarantee of accuracy on any content on this site.